Blocking Specific Sites with Squid

March 15, 2018

Configuring Squid can be challenging at times, but here is a simple example of how to block sites.  Let’s start!

Define the Problem

Let’s first go ahead and outline what we would like to accomplish.  This Squid proxy will be located in a school where students’ Internet access must be filtered.  Due to school policy, certain sites must be blocked to protect students and minimize distractions/disruptions.  We’ll define two requirements:

  • Faculty and teachers (10.1.0.0/20) are allowed to access all sites
  • Students (10.1.16.0/20) are not allowed to access sites that are listed in our computer policy under “Non-Educational Use”

Configuration

Let’s create a minimal config for Squid.  Make /etc/squid/squid.conf look like this:

# Service Configuration
http_port 10.1.1.10:3128
 
# ACLs
## Deny access to certain websites for students only
acl student_workstations src 10.1.16.0/20
acl blocked_sites dstdomain "/etc/squid/blocked_sites.txt"
http_access deny blocked_sites student_workstations

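As you can see in the configuration above, we’ve set the listening port and our first ACL rule.  The http_access line denies a request only when both ACLs match: the destination is on the list of sites in /etc/squid/blocked_sites.txt, and the client is sourcing from a device in the 10.1.16.0/20 subnet (which is where the students are located).  When no http_access line matches, Squid applies the opposite of the last line’s action; since our only line is a deny, everything else is allowed, which is how faculty and teachers get access to all sites.  Keep in mind that this default also allows any other client that can reach the proxy port, so a production config would normally add explicit allow rules for your own subnets and end with a deny for everything else.  In our /etc/squid/blocked_sites.txt, we’ll add a site to test (the leading dot matches the domain and all of its subdomains):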

.hulu.com
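
To make the matching rules concrete, here is a small Python model of how this http_access line is evaluated. It is an added example, not part of the original post and not Squid's own code; it assumes simplified dstdomain semantics, and the function names and sample requests are constructed for illustration.

```python
import ipaddress

# Values copied from the squid.conf and blocked_sites.txt shown above.
STUDENTS = ipaddress.ip_network("10.1.16.0/20")
BLOCKED_SITES = [".hulu.com"]

def dstdomain_match(host, entry):
    """Simplified dstdomain: a leading dot covers the domain and all subdomains."""
    host, entry = host.lower().rstrip("."), entry.lower()
    if entry.startswith("."):
        return host == entry[1:] or host.endswith(entry)
    return host == entry

# http_access lines in file order: (action, [conditions]). Every condition on a
# line must match (logical AND), and the first matching line decides.
RULES = [
    ("deny", [
        lambda src, host: any(dstdomain_match(host, e) for e in BLOCKED_SITES),
        lambda src, host: ipaddress.ip_address(src) in STUDENTS,
    ]),
]

def http_access(src, host, rules=RULES):
    """Return 'allow' or 'deny' for a client IP and requested host."""
    for action, conditions in rules:
        if all(cond(src, host) for cond in conditions):
            return action
    # No line matched: with no rules at all Squid denies; otherwise it
    # applies the opposite of the last line's action.
    if not rules:
        return "deny"
    return "allow" if rules[-1][0] == "deny" else "deny"

if __name__ == "__main__":
    # Constructed sample requests: (client IP, requested host).
    samples = [
        ("10.1.16.25", "www.hulu.com"),     # student, blocked subdomain
        ("10.1.31.254", "hulu.com"),        # last usable student address
        ("10.1.16.25", "www.example.org"),  # student, site not on the list
        ("10.1.16.25", "nothulu.com"),      # similar name, different domain
        ("10.1.2.40", "www.hulu.com"),      # faculty subnet 10.1.0.0/20
    ]
    for src, host in samples:
        print(f"{src:<12} {host:<16} -> {http_access(src, host)}")
```
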

Go ahead and check your configuration and then restart the service:

# Parse squid.conf and report any syntax errors
squid -k parse
# Restart Squid so it picks up the new configuration
systemctl restart squid

Testing Our Configuration

Now, from a student workstation, we’ll try to browse to two sites – one of which is blocked (Hulu) and one that should be allowed by default (World Factbook):

Looks like our config works!


©2024 Tyler Wright